Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
10081	2024-05-05 10:39	yileyou.exe 621aff451af46a3e94ede2ebfcb96dc6 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger Creates executable files Check virtual network interfaces RCE DNS		4		5.6	M	39	ZeroCERT

10082	2024-05-05 10:39	yungengxin.exe 39bd6fd27d2093d5867143d759942251 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces RCE		2		5.4	M	39	ZeroCERT

10083	2024-05-05 10:38	svchosc.exe aa566acaa8b6baaa830aff78d45501a1 Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot KeyLogger AntiDebug AntiVM PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Code Injection unpack itself malicious URLs sandbox evasion Browser DNS		8		7.4		57	ZeroCERT

10084	2024-05-05 10:38	syncq.exe 9d13ef960c157624ac37ab30b76d26d0 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0		58	ZeroCERT

10085	2024-05-05 10:34	cyber2019.exe 813b31f7ee7bbdd8e42890394ea6f16f Generic Malware UltraVNC Malicious Library UPX Malicious Packer VMProtect Anti_VM PE File PE32 OS Processor Check MZP Format DLL ftp VirusTotal Malware PDB Checks debugger Creates executable files unpack itself sandbox evasion WriteConsoleW crashed				5.6		50	ZeroCERT

10086	2024-05-05 10:33	T76434567000.exe fbccdd35ee6dccadaeaa69e37fbbd171 Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	3 Keyword trend analysis	6	7 Info ET DNS Query to a .tk domain - Likely Hostile ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check	11.0		34	ZeroCERT

10087	2024-05-05 10:17	ExcUserFault_imagent-2024-04-2... 1194e4a6c9cc73464db69aed6aa4dedd AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

10088	2024-05-04 14:26	master.exe eb508c21c59a7fff7924f7243e5949e8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware				1.8	M	51	ZeroCERT

10089	2024-05-04 14:24	hotstuffnewrdp.vbs bf7046a9d40c33822cbf5dea1c9629ec VirusTotal Malware VBScript wscript.exe payload download Creates shortcut Check virtual network interfaces Tofsee DNS Dropper	1 Keyword trend analysis	3	2	10.0	M	11	ZeroCERT

10090	2024-05-04 14:24	Archivenfromationalprotectiont... 2b9ab36214ca6de144e42468706d2c64 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	2	4.6	M	38	ZeroCERT

10091	2024-05-04 14:22	wewanthowthemagicalwordshappen... b113b57d6e1f23380163d91dcfa68a5a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	3	5.0	M	38	ZeroCERT

10092	2024-05-04 14:21	yohan.exe 7f991bd7699126d6cca12241de7e7c44 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Checks debugger Disables Windows Security Windows DNS		1		4.4	M	48	ZeroCERT

10093	2024-05-04 14:20	prnportsixinfromationalprotect... 49e3c07508aa3f53a67fbec97fa07dc1 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	3 Keyword trend analysis	6	3	4.6	M	35	ZeroCERT

10094	2024-05-04 14:19	youhaveonefilefortody.vbs d8042714120e0e780d00490e045a2816 VirusTotal Malware VBScript wscript.exe payload download Creates shortcut Check virtual network interfaces Tofsee Dropper	1 Keyword trend analysis	2	2	10.0	M	21	ZeroCERT

10095	2024-05-04 14:18	shelovedsomeonetounderstandthe... a2b050f9634ea0c8cb1456e13b59b505 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed Downloader	1 Keyword trend analysis	3	9 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	5.4	M	35	ZeroCERT